RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 23:48:11 +00:00
Code Issues Activity Actions

Kernel+LibELF: Enable SMAP protection during non-syscall exec()

Browse source 
When loading a new executable, we now map the ELF image in kernel-only
memory and parse it there. Then we use copy_to_user() when initializing
writable regions with data from the executable.

Note that the exec() syscall still disables SMAP protection and will
require additional work. This patch only affects kernel-originated
process spawns.
This commit is contained in:
Andreas Kling 2020-01-10 06:57:18 +01:00
parent 66b0002acb
commit 197e73ee31
5 changed files with 20 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Process.h
View file

@ -279,7 +279,7 @@ public:
bool is_superuser() const { return m_euid == 0; }
Region* allocate_region_with_vmobject(VirtualAddress, size_t, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, const String& name, int prot);
Region* allocate_region_with_vmobject(VirtualAddress, size_t, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, const String& name, int prot, bool user_accessible = true);
Region* allocate_file_backed_region(VirtualAddress, size_t, NonnullRefPtr<Inode>, const String& name, int prot);
Region* allocate_region(VirtualAddress, size_t, const String& name, int prot = PROT_READ | PROT_WRITE, bool commit = true);
bool deallocate_region(Region& region);